> Being able to override the expectations of those programs which are installed > mode 111 _is_ a security problem in that it violates expected semantics and > that when a given Unix variant makes any attempt to enforce these semantics > it should make sure it completely enforces them, instead of giving a false > sense of security. Sound like "security by obscurity" to anyone? Semantics of unreadable files is well-defined at file level (i.e., it's defined you cannot read() them), but not at any other level. No standard guarantees you that contents of such binaries are not accessible in any other way, so relying on it in order to secure things does sound like "security by obscurity" to me. Enforcing real unreadability on the PC is very hard, given the fact i386 does not support execute-only pages. Have a nice fortnight -- Martin `MJ' Mares <mjat_private> http://atrey.karlin.mff.cuni.cz/~mj/ Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth "What color is a chameleon on a mirror?"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:33 PDT